Feb 07 2018 10:35 AM
For an Azure Service Principal, we have the below keys in the config file:
<add key="SubscriptionId" value="" />
<add key="ClientId" value="" />
<add key="ClientSecret" value="" />
<add key="TenantId" value="" />
Is there any Azure Key Vault-like service available where we can securely keep these keys and use them on demand?
Feb 10 2018 10:43 AM
Feb 12 2018 03:33 AM - edited Feb 12 2018 03:34 AM
I haven't used the Key Vault service, but what I understood is that Key Vault keys can belong to a specific PaaS service like a Storage Account or something similar. When accessing such PaaS services using a URL, you add this additional Key Vault value to it. Also, to access Key Vault, you may need to keep another key for it locally and need to think about how to secure that.
But my scenario is that I am building an automation tool which will create different PaaS services in Azure using ARM templates. So any such management activity needs a single master login mechanism, e.g. a Service Principal, which includes multiple keys. I need to keep these keys securely, without binding them to any specific PaaS service, and be able to use them whenever I want to log in to Azure. Currently I keep these keys inside my application config file, and the tool internally reads these config values during login.